Saturday, May 18, 2019

Custom Authentication with MD5 Encryption on Oracle APEX 19

Leave a Comment

This article will guide you to create custom authentication with MD5 Encryption on Oracle APEX 19.


On every computer application there will be a login process to make sure only authenticated user is allowed. As a default, every application built on Oracle Application Express has predefined authentication scheme using Application Express Accounts. This predefined authentication scheme will allow user to make a login into built application using same credential as their workspace login.

There is another way to make another authentication scheme, which is will be using different credential not the workspace credential. We can create Custom authentication scheme that will use custom table to store the login credential. For example, we can create TLOGIN table with username and password attributes to hold the authenticated user credentials. This TLOGIN table will be read by the application login page when the application is running for the first time.

By default, all information stored inside the table the hold password information is a string. For example, the password for admin user is “thePassword”, this word will appear every time we open the data of table. Unfortunately, if someone else able to open the table, they will know the password and they will be able to enter the application.

There is a way to secure the credential even if someone else able to view the data inside the table. We can encrypt the string of text that hold the password credential by using MD5 hash encryption. Fortunately, Oracle has built in function to implement the MD5 hash function. This MD5 function will encrypt any words into 32 randomized characters. For example, “thePassword” will be encrypted into “OED4768C11461AB762DA1F5719AD560B”.

This tutorial will guide you to implement MD5 hash function into custom authentication scheme. Here are the steps:

1.       Open Oracle APEX website using your web browser. Login into your Oracle Application Express Workspace


2.       Create a Table namely TLOGIN with some attributes (e.g. ID, USERNAME, PASSWORD, STATUS)


3.       Go to Application Builder and click on Create to create new application


4.       Next choose New Application


5.       Set the project name with anything you wish (e.g. ProjectWithMD5), leave other options as default and the click on Create Application button


6.       The application is created, you will found 3 pages (Global Page, Home, Login Page)


7.       Click on Shared Component


8.       On Security area, click on Authentication Schemes


9.       Choose “Based on a pre-configured scheme from gallery” the click on Next button


10.   Fill some information on required text field.
Name: myOten, Scheme Type: Custom, Authentication Function Name: cek_otentikasi


11.   Still on Create Authentication Scheme page, scroll down and fill in the PL/SQL code with a function and then click on Create Authentication Scheme Button


12.   Create a function “GetMD5(pstring IN VARCHAR2) RETURN VARCHAR2” using SQL Workshop


13.   Execute the function to get encrypted password


14.   Open TLOGIN table, insert one record contains the encrypted password


15.   Run the application, try to login using any username and password. Invalid Login Credentials will be appeared.


16.   Try to make a login using admin as the username and thePassword as the password, it should be worked.


17.   The homepage will be appeared as the login process has been successful


Thank You - Bobsis

Read More